On Wed, Sep 11, 2013 at 8:00 PM, John Gilmore <g...@toad.com> wrote:

> There doesn't seem to be much downside to just calling it "Forward
> Secrecy" rather than "Perfect Forward Secrecy".  We all seem to agree
> that it isn't perfect, and that it is a step forward in security, at a
> moderate cost in latency and performance.

What's really bothered me about the phrase "perfect forward secrecy" is
it's being applied to public key algorithms we know will be broken as soon
as a large quantum computer has been built (in e.g. a decade or two).
Meanwhile people seem to think that it's some sort of technique that will
render messages unbreakable forever.

Tony Arcieri
The cryptography mailing list

Reply via email to